It was discovered that in some situations OpenJDK did not properly validate objects when performing deserialization. An attacker could use this to cause a denial of service (application crash or excessive memory consumption).